ByteOS Network

mlc-ai

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-57809

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-7.7||HIGH

EPSS-Not Assigned

Published-25 Aug, 2025 | 21:22

Updated-26 Aug, 2025 | 20:19

XGrammar affected by Denial of Service by infinite recursion grammars

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.

Vendor-mlc-ai

Product-xgrammar

CWE ID-CWE-674

Uncontrolled Recursion

CVE-2025-32381

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-6.5||MEDIUM

EPSS-0.13% / 32.75%

7 Day CHG~0.00%

Published-09 Apr, 2025 | 16:00

Updated-09 Apr, 2025 | 20:43

Denial of Service by abusing xgrammar unbounded cache in memory

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system making use of xgrammar can be abused to fill up a host's memory and case a denial of service. For example, sending many small requests to an LLM inference server with unique JSON schemas would eventually cause this denial of service to occur. This vulnerability is fixed in 0.1.18.

Vendor-mlc-ai

Product-xgrammar

CWE ID-CWE-770

Allocation of Resources Without Limits or Throttling